The Senior SIEM Engineer is a member of the Information Protection Center providing subject matter expertise. You are responsible for the health, performance, and capacity planning of our SIEM platform including the management and operation of the SIEM infrastructure.
This hands-on role requires a deep technical knowledge of security technologies and must have a solid understanding of information security and networking.
Providing subject matter expertise for all SIEM components and design.
Researching, documenting, and implementing security best practices to continually improve the deployment and use of the SIEM.
Coordinating and conducting event collection, log management, event management, and compliance automation.
Researching, analyzing, and understanding common and complex log sources.
Providing expert guidance regarding the implementation of rules and event correlation for the SIEM environment.
Developing detection rules to support alerting and response capabilities for our SOC services.
Providing day to day event parsing and repairing of events that have missing or incorrect information.
Troubleshooting issues with log sources or systems, with internal IT teams and vendors, providing resolution to defects or performance issue as needed.
Creating detailed reports on the status of the SIEM that also includes metrics on items such as number of logging sources;
log collection rate, and server performance.
Design and build dashboards in the SIEM.
Develop, implement, and execute standard procedures for the administration, management, and lifecycle of the SIEM.
Participating in incident response and technical investigations as needed.
Performing in-depth analysis of current threat activity and trends
Mentoring and training security team members on the SIEM deployment and operation.
Providing support for audits and gathering of artifacts for FedRAMP, ISO27001, PCI, SOC1 & SOC2, etc.
What it takes :
BS in Computer Science, Cyber Security, Information Assurance, or Information Security preferred.
3-5 years SIEM experience that includes leading SIEM deployments and optimization.
Minimum 2 years working experience with LogRhythm and / or Splunk.
Experience working with major Cloud providers and in FedRAMP-certified environments preferred.
Understands and can articulate how the SIEM platform and service provides value to the company.
Experience in a large enterprise environment analyzing security event data for attack patterns and understanding attacker tactics.
Experience in developing SIEM correlation rules to detect new threats beyond current capabilities.
Working knowledge of Threat intelligence to interpret IOC’s and translating them for SIEM alerting.
Scripting skills (Python, PowerShell, Regular Expressions, Lua)
Experience with Windows and Linux Operation Systems
Experience creating and refining metrics to articulate and measure program performance.
Able to work independently and efficiently, as well as with others, to meet deadlines in a fast-paced environment.
Self-motivated and detail-oriented.
Possess excellent writing and communication skills.
CISSP, GCIH, CISA, CISM, or other industry certifications preferred.
Subject to applicable laws and regulations, OpenText’s global vaccination policy requires all employees to be fully vaccinated against COVID-19 to enter an OpenText office.
Accommodations may be available for specific roles.